Posted On: Jun 12, 2023

Today, we are launching preview of the AWS Database Encryption SDK, an upgrade to the existing Amazon DynamoDB Encryption Client, which enables you to include client-side encryption in your DynamoDB workloads. With this launch, you can more easily perform attribute-level encryption, enabling you to encrypt specific attribute values before storing them in your DynamoDB table. This lets you protect sensitive data in-transit and at-rest, as data cannot be exposed unless decrypted by your application. This new release also lets you easily search on encrypted attributes without decrypting the entire database beforehand. This lets you find the right information quickly to download to your application while your data remains securely encrypted within the database.

The AWS Database Encryption SDK makes it easy to let your customers bring their own encryption key to your application, giving them direct ownership over their data by controlling the encryption key. Designed with multi-tenancy in mind, you can use different encryption key providers across a single database table to safely isolate data. In conjunction with AWS Key Management Service (KMS), you can use KMS key policies to enforce clear separation between the authorized users who can access specific encrypted attributes and those who cannot.

The AWS Database Encryption SDK is compatible with Amazon DynamoDB and is available in Java under developer preview at aws-database-encryption-sdk-dynamodb-java GitHub repository. During the preview, we encourage you to evaluate and share your feedback on new features and improvements to the SDK. To learn more, see What is AWS Database Encryption SDK in the developer guide.